Paranoid IDS/IPS/Firewall setting for the home internet access

Forgive my fundamental lack of knowledge about security. For a home user, what could be the most automated and secure hardware/software setting to secure devices (other than switching the devices off)? Having, let's say, IoT devices, which in my opinion are:

Xbox

Windows phones

Raspberry Pi-like devices

Now I know that Xbox and Windows phones are closed systems, but from what I have recently heard from justice dept-security specialists, it doesn't matter how closed these devices are; they are all hackable, especially when they were using Wi-Fi AP/tethering/developer modes at least at some point in their lifetime.

So what I'm considering as a paranoid but automated setting:

Norton Core / Bitdefender Box

Bro IDS/Suricata or other log analyzer on some Raspberry Pi.

VPN on the end router

Maybe a traffic analyzer/sniffer/IDS on the other side of the VPN.

Phone number changed every month or so

Some total security software: Bitdefender? Norton?

Some bulk blocklist for the firewall? Where to get one if those are generally available?

My biggest security danger that I'd like to defend from is not typical malware from pirated software or porn sites or other typical places where I can catch it. Also not fake bank phishing messages (probably). I'm not that scared of typical mass automated malware that is obviously known. My deal is defending from direct attacks through an LTE connection to retrieve photos, films from the camera, messages, keystrokes, passwords, financial activity, etc. Worst case scenario is the supposed "no trace" attacks to defend from.